March 7, 2024 at 01:40PM
Menlo Security linked China to the ALPHV/BlackCat gang behind the Change Healthcare ransomware attack, impacting US pharmacies. The criminals demanded a $22 million Bitcoin ransom, suggesting ties to Chinese state-backed groups. Menlo also found evidence of Notchy’s involvement and purchases of malware tools, causing significant impact on US healthcare infrastructure.
Based on the meeting notes, the key takeaways are:
1. A criminal known as “Notchy,” claiming to be an affiliate of the cybercriminal gang ALPHV/BlackCat, appears to have ties to Chinese government-backed cybercrime syndicates.
2. Menlo Security has linked Beijing to the Change Healthcare ransomware attack, which disrupted pharmacies across America, leading to significant disruptions in accessing health insurance and vital prescriptions.
3. ALPHV reportedly received a $22 million Bitcoin ransom payment from Change’s parent company, UnitedHealth, after the attack.
4. Menlo’s threat intelligence team has identified Notchy as the affiliate responsible for the Change ransomware attack through analysis of dark-web forums.
5. Notchy was found seeking out Cobalt Strike, a security testing tool often used by cybercriminals to gain initial access to victims’ IT environments before deploying ransomware.
6. Notchy has been active on dark-web forums such as Ramp, Exploit, and XSS, indicating involvement in illegal buying and selling of malware.
7. The ransomware attack on Change Healthcare has had a significant impact on the US healthcare system, prompting the Department of Health and Human Services to provide assistance and urging Congress to pass a financial assistance program for affected healthcare providers.
These takeaways highlight the severity of the cyberattack, the involvement of Notchy and ALPHV in the ransomware incident, and the ongoing impact on the healthcare system, calling for immediate action and support from government agencies and authorities.